HackDig : Dig high-quality web security articles for hacker

If you are a pentester like me, you are doing mobile application reviews on Android. One of the most important things to check is the server API. On the other hand we might want to see what possibilities a server has to influence the Android app with its responses. For both the easiest and most straight forward method is to do a Man-In-The-Middle attack in t

Here’s a little overview of my last few months:
Thinking about using libjson? Maybe you should wait for a bug fix.
Trying to fuzz Java code with afl-gcj was not a very pleasant experience.
Made some efforts to show how to fuzz CGI scripts with AFL.
My CRASS project that includes a script to grep for interesting security related tokens is constantly gr

Security Assertion Markup Language (SAML) is an XML standard for exchanging authentication and authorization data between a Service Provider (SP) and an Identification Provider (IdP). SAML is used in many Single Sign-On (SSO) implementations, when a user is authenticated once by IdP to access multiple related SPs. When a user requests to access a SP, it cre

BurpSentintel is a plugin for Burp Intercepting Proxy, to aid and ease the identification of vulnerabilities in web applications.Searching for vulnerabilities in web applications can be a tedious task. Most of the time consists of inserting magic chars into parameters, and looking for suspicious output. Sentinel tries to automate parts of this laborous task.